CVE-2020-27009

CWE-823CWE-787Out-of-bounds WriteCWE-119Buffer Overflow3 documents3 sources
Severity
8.1HIGH
EPSS
0.7%
top 28.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Siemens Nucleus NETSiemens Apogee PXC Compact (bacnet)Siemens Apogee PXC Compact (P2 Ethernet)+5 more
Timeline
PublishedApr 22
Latest updateMay 24

Description

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompress

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages9 packages

CVEListV5siemens/apogee_pxc_compact_(bacnet)All versions < V3.5.5
CVEListV5siemens/apogee_pxc_modular_(bacnet)All versions < V3.5.5
CVEListV5siemens/talon_tc_compact_(bacnet)All versions < V3.5.5
CVEListV5siemens/talon_tc_modular_(bacnet)All versions < V3.5.5
CVEListV5siemens/apogee_pxc_compact_(p2_ethernet)All versions < V2.8.20

🔴Vulnerability Details

2
GHSA
GHSA-wfpc-6x9w-jf83: A vulnerability has been identified in Nucleus NET (All versions < V52022-05-24
CVEList
CVE-2020-27009: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V32021-04-22
CVE-2020-27009 (HIGH CVSS 8.1) | A vulnerability has been identified | cvebase.io